
CALM CLI Validation of Control Configurations against Control Requirements, Validation of Detailed Architecture

Open jpgough-ms opened this issue 1 year ago • 3 comments

Feature Request

Description of Problem:

In the October schema, we have introduced the concept of control requirements (a JSON schema following the control-requirement base schema). The specific control requirement schema uses a control-configuration to specify the JSON document that meets the schema.

For example:

"controls": {
  "cbom": {
    "description": "Control requirements for delivering patterns",
    "requirements": [
      {
        "control-requirement": "https://raw.githubusercontent.com/finos/architecture-as-code/main/calm/control-example/pre-prod-review-specification.json",
        "control-config": "https://raw.githubusercontent.com/finos/architecture-as-code/main/calm/control-example/pre-prod-review-configuration.json"
      }
    ]
  }
}

The validator should JSON schema validate the control-configuration against the control-requirement.

jpgough-ms, Oct 07 '24 09:10

It would also be good to validate detailed architectures (and the pattern if it uses one)

jpgough-ms, Oct 07 '24 15:10

> It would also be good to validate detailed architectures (and the pattern if it uses one)

Can we add that as a separate issue, @jpgough-ms? I think it's useful, but perhaps we can live without it for v1?

rocketstack-matt, Oct 17 '24 15:10

+1 this feature would be great!

> The validator should JSON schema validate the control-configuration against the control-requirement.

Exactly. I think I’m right in saying that at the moment (release 1.0) you can include "controls" in the "required" property of some element in the pattern, and you will get errors/warnings if your architecture does not contain a "controls" object (i.e. an object where each entry has a "description" and a "requirements" array). However, you will not get errors/warnings if the "requirements" array contains an item whose config or config-url is not valid with respect to its associated requirement-url.

Edit: Is there any way you can commit to (or comment on the likelihood of committing to) implementing this feature? It's foundational to a use case I have, so CALM's viability for that use case does sort of depend on the timeline for implementing this feature.

finleybacon, Sep 23 '25 09:09
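The check requested in the issue description and in the last comment, sketched as an added example that is not part of the thread and is not CALM CLI code: every entry in a `requirements` array has its control-config validated against its control-requirement schema. The `example.com` URLs, the `approver` and `environment` properties, the in-memory `docs` store and the `check` helper are assumptions made up for illustration; `check` handles only a small subset of JSON Schema and stands in for a full validator.

```javascript
// Constructed sample documents keyed by URL; a real run would fetch them.
const BASE = "https://example.com/controls/"; // placeholder host
const docs = {
  [BASE + "review-spec.json"]: { // control-requirement (a JSON schema)
    type: "object",
    required: ["approver", "environment"],
    properties: {
      approver: { type: "string" },
      environment: { enum: ["pre-prod", "prod"] },
    },
  },
  [BASE + "review-ok.json"]: { approver: "alice", environment: "pre-prod" },
  [BASE + "review-bad.json"]: { approver: 42 }, // wrong type, missing field
};

const typeOf = (v) =>
  v === null ? "null" : Array.isArray(v) ? "array" : typeof v;

// Simplified stand-in for a full JSON Schema validator:
// only type, enum, required and properties are handled.
function check(schema, value, path = "") {
  const errors = [];
  if (schema.type && schema.type !== typeOf(value))
    errors.push(`${path || "/"}: expected ${schema.type}`);
  if (schema.enum && !schema.enum.includes(value))
    errors.push(`${path || "/"}: not an allowed value`);
  if (typeOf(value) === "object") {
    for (const key of schema.required || [])
      if (!(key in value)) errors.push(`${path}/${key}: required`);
    for (const [key, sub] of Object.entries(schema.properties || {}))
      if (key in value) errors.push(...check(sub, value[key], `${path}/${key}`));
  }
  return errors;
}

// Validate each requirements entry's config against its requirement schema.
function validateControls(controls, store) {
  const findings = [];
  for (const [name, control] of Object.entries(controls))
    for (const req of control.requirements || []) {
      const schema = store[req["control-requirement"]];
      const config = store[req["control-config"]];
      if (schema === undefined || config === undefined)
        findings.push(`${name}: reference could not be resolved`);
      else findings.push(...check(schema, config).map((e) => `${name}: ${e}`));
    }
  return findings;
}

// Builds a "controls" object shaped like the one in the issue description.
const controlsFor = (configFile) => ({ cbom: { description: "sample", requirements: [
  { "control-requirement": BASE + "review-spec.json", "control-config": BASE + configFile }] } });
```

All three `controls` objects built by `controlsFor` have the same valid shape (a description plus a requirements array); only the per-entry check separates the conforming config from the non-conforming or unresolvable one.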